GitHub Enhances Security Capabilities With AI
Microsoft-owned code hosting platform GitHub today announced the public preview of three AI-powered features in GitHub Advanced Security.
Available for GitHub Enterprise Cloud and Enterprise Server customers, Advanced Security provides a series of features to help maintain and improve the quality of code. Some of these features, such as Dependabot, are also available for public repositories.
In a push for proactive security, GitHub has released tens of new capabilities to Advanced Security over the past year, and is now adding AI into the mix, “to revolutionize how developers build secure applications from the get-go”.
In addition to code scanning, the platform now offers an ‘autofix’ capability, where AI-generated fixes will be delivered for CodeQL, JavaScript, and TypeScript alerts in developers’ pull requests, enabling them to address issues immediately.
“These are not just any fixes, but precise, actionable suggestions that will allow you to quickly understand what the vulnerability is and how to remediate it. You can instantly commit these fixes to your code, helping you resolve issues faster and preventing new vulnerabilities from creeping into your codebases,” GitHub says.
The platform is also leveraging the latest LLMs to identify leaked passwords with fewer false positives. The capability is offered as part of secret scanning and is currently in limited public beta.
GitHub’s secret scanning program has 180 partners and provides more than 225 scanning patterns; it is now leveraging AI to make it easier for code maintainers to create custom patterns that detect secrets unique to their organizations.
“Through this form-based experience, all you have to do is answer a few simple questions to auto-generate custom patterns in the form of regular expressions. This new feature enables you to execute dry runs in real time to ensure proper scanning before saving the newly created pattern,” GitHub explains.
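The custom-pattern workflow described above (a regular expression for the secret, checked with a dry run before it is saved) can be modelled locally. The following is an added example, not GitHub's code: the field names approximate the custom-pattern form and are an assumption, and the "acme_" token format and the repository contents are constructed.

```python
import re
from dataclasses import dataclass, field

@dataclass
class CustomPattern:
    """One custom secret-scanning pattern (field names are our assumption, not GitHub's)."""
    name: str
    secret_format: str                          # regex for the secret itself
    before_secret: str = r"(?<![0-9A-Za-z_])"   # default: no word character before it
    after_secret: str = r"(?![0-9A-Za-z_])"     # default: no word character after it
    must_match: list[str] = field(default_factory=list)
    must_not_match: list[str] = field(default_factory=list)

    def regex(self) -> re.Pattern:
        return re.compile(f"{self.before_secret}(?P<secret>{self.secret_format}){self.after_secret}")

    def accepts(self, secret: str) -> bool:
        # Additional requirements are checked against the captured secret only.
        if any(not re.search(r, secret) for r in self.must_match):
            return False
        return not any(re.search(r, secret) for r in self.must_not_match)

def dry_run(pattern: CustomPattern, files: dict[str, str]) -> list[tuple[str, int, str]]:
    """Scan in-memory files and return (path, line, secret) per hit; nothing is persisted."""
    rx = pattern.regex()
    hits = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in rx.finditer(line):
                if pattern.accepts(m.group("secret")):
                    hits.append((path, line_no, m.group("secret")))
    return hits

# Hypothetical organisation token: "acme_" plus 32 hex characters (constructed format).
ACME_TOKEN = CustomPattern(
    name="acme-api-token",
    secret_format=r"acme_[0-9a-f]{32}",
    must_match=[r"[0-9]", r"[a-f]"],   # real tokens mix digits and letters
    must_not_match=[r"(.)\1{7}"],      # reject 8+ identical chars: documentation placeholders
)

# Constructed sample repository content for the dry run.
SAMPLE_FILES = {
    "config/prod.env": "ACME_KEY=acme_3f9a1c7e2b4d6058ab9c0d1e2f3a4b5c\n",
    "docs/README.md": "Placeholder: acme_00000000000000000000000000000000\n",
    "src/client.py": 'token = "acme_deadbeef01234567deadbeef01234567"  # TODO rotate\n',
    "tests/fixtures.txt": "xacme_3f9a1c7e2b4d6058ab9c0d1e2f3a4b5c\nacme_abc\n",
}

if __name__ == "__main__":
    for path, line_no, secret in dry_run(ACME_TOKEN, SAMPLE_FILES):
        print(f"{path}:{line_no}: {secret[:10]}...")
```

Running the dry run flags the two real-looking tokens and skips the all-zero placeholder, the token glued to a preceding word, and the too-short fragment, which is the kind of false-positive check the form's dry run is meant to give before a pattern is saved.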
Additionally, the platform has updated the security overview dashboard to provide security managers and administrators with access to an analysis of their security alerts and a better view of their security posture, based on risks, remediation, and prevention.
“We’re thrilled to harness the power of AI to improve the relevance of alerts, speed up remediation, and improve the administrative experience—with the ultimate goal of making your teams happier and more productive, and your code more secure,” GitHub says.
A spike in generative AI repositories
Also today, GitHub released a new iteration of its Octoverse report, revealing that an increasing number of developers are building open source generative AI projects, which have made it to “the top 10 most popular open source projects by contributor count in 2023”.
The number of generative AI projects on GitHub in the first half of 2023 more than doubled compared to the whole of 2022, and developers have progressed from research to using pre-trained models and APIs to create generative AI-powered applications.
Building on top of foundation models, such as ChatGPT, developers leverage LLMs to create APIs, assistants, bots, mobile applications, and plugins, laying the groundwork for mainstream adoption.
“With almost all developers (92%) using or experimenting with AI coding tools, we expect open source developers to drive the next wave of AI innovation on GitHub,” the platform says.
The top 20 open source generative AI projects on GitHub are owned by individuals, but the platform expects organizations to start using pre-trained AI models too, as more developers become accustomed to them.
In terms of contributions to generative AI projects, GitHub has observed a 148% year-over-year growth, with the US, India, and Japan leading the trend, and Hong Kong, the UK, and Brazil following.
“As more and more developers gain familiarity with building generative AI-powered applications, we expect a growing talent pool to bolster businesses that seek to develop their own AI-powered products and services,” GitHub notes.
Today, the platform also announced the adoption of LLMs for GitHub Copilot, the AI developer tool that has more than one million paid users. In December, the tool’s users will have access to Copilot Chat, which leverages LLMs to help developers identify errors, debug code, and more.
“Copilot Chat will be generally available in December 2023 as part of your existing GitHub Copilot subscription, for organizations and individuals. This offering is also available at no cost to verified teachers, students, and maintainers of popular open source projects,” GitHub announced today.
Source: https://www.securityweek.com/github-enhances-security-capabilities-with-ai/?web_view=true